我的linux学习之旅:(1) DNS
DNS的配置
我准备的网络环境如下
目标:配置DNSMaster和DNSSlave两台dns服务器,形成主从配置,为本网络提供名称解析服务。
过程:通过脚本为2台服务器自动配置所需环境(文章最后附上此次脚本)
操作系统:CentOS6.6 x32_64
DNSMaster
/etc/sysconfig/network-scripts/ifcfg-eth0 配置
启动named服务,查看53端口。
/etc/named.rfc1912.zones 中新添加的子域
子域文件
/var/named/test.com.zone
子域的反解文件
/var/named/172.16.32.zone
对test.com域的正解和反解
将注释取消掉后不允许进行反解
DNSSlave主机
/etc/sysconfig/network-scripts/ifcfg-eth0 配置
/var/named/test.com.zone 文件的配置情况
会自动从下载解析文件
/var/named/slaves/test.com.zone 文件
/var/named/slaves/172.16.32.zone 文件
查看域的正解
查看域的反解
将DNSMaster的服务关闭后
会发现提供解析的服务器已转为DNSSlave
#!/bin/bash # 基于yum安装bind rpm -ql bind &>/dev/null || yum install -y bind bind-utils # 修改默认配置文件 conf=/etc/named.conf [ -f $conf.bak ] && cp -f $conf.bak $conf || cp $conf $conf.bak sed -i ‘s@\(^[[:space:]]*listen-on.*\)@//\1@‘ $conf sed -i ‘s/localhost;/any;/g‘ $conf sed -i ‘s/dnssec-enable yes/dnssec-enable no/‘ $conf sed -i ‘s/dnssec-validation yes/dnssec-validation no/‘ $conf sed -i ‘s/auto/no/‘ $conf sed -i ‘s@\(^[[:space:]]*bindkeys\)@//\1@‘ $conf sed -i ‘s@\(^[[:space:]]*managed\)@//\1@‘ $conf # 设置一个黑名单 blackhole=192.168.0.0/24 [ ! -z $blackhole ] && sed -i "s@\(recursion yes;\)@\1\n\tblackhole { `echo $blackhole`; };@" $conf # 域名称 zonename=test.com # 域的网段地址 zoneIP=172.16.32.0 # 主域 NS=(ns1 ns2) masterip=172.16.32.251 slaveip=172.16.32.252 # 子域 SUBNS=() # 邮件列表 MX=(mail) # A记录 A=(ns1=172.16.32.251 ns2=172.16.32.252 www1=172.16.32.241 www2=172.16.32.242 php=172.16.32.231 mysqlM=172.16.32.221 mysqlS=172.16.32.222 ftp=172.16.0.1 ) # 别名列表 CNAME=(pop3=mail imaps=mail www=www1) # SOA ns and mail soaNS=ns soaMail=mail ser=01 ttl=3600 serial=`date +"%Y%m%d"`$ser refresh=1H retry=5M expire=7D mttl=1H zonefile=/var/named sed -i ‘43,$d‘ /etc/named.rfc1912.zones ptrip=`echo $zoneIP | cut -d‘.‘ -f3`"."`echo $zoneIP | cut -d‘.‘ -f2`"."`echo $zoneIP | cut -d‘.‘ -f1` if [ ${1:-master} == "slave" ];then cat >> /etc/named.rfc1912.zones <<EOF zone "$zonename" IN { type slave; file "slaves/$zonename.zone"; masters { $masterip; }; allow-transfer { 172.16.32.0/16; }; }; zone "$ptrip.in-addr.arpa" IN { type slave; file "slaves/${zoneIP%.*}.zone"; masters { $masterip; }; // allow-transfer { none; }; }; zone "example.com" IN { type forward; forward only; forwarders { 172.16.0.1; }; }; EOF else cat >> /etc/named.rfc1912.zones <<EOF zone "$zonename" IN { type master; file "$zonename.zone"; allow-transfer { 172.16.32.0/16; }; }; zone "$ptrip.in-addr.arpa" IN { type master; file "${zoneIP%.*}.zone"; // allow-transfer { none; }; }; zone "example.com" IN { type forward; forward only; forwarders { 172.16.0.1; }; }; EOF zoneNS="" zoneSUBNS="" zoneMX="" zoneA="" zoneCNAME="" for i in ${NS[@]};do zoneNS=$zoneNS"\tIN\tNS\t"$i"\n" done for i in ${SUBNS[@]};do zoneSUBNS=$zoneNS$i"\tIN\tNS\t"$i"\n" done nice=10 for i in ${MX[@]};do zoneMX=$zoneMX"\tIN\tMX\t$nice\t$i\n" nice=$[$nice+10] done for i in ${A[@]};do zoneA=$zoneA`echo $i | cut -d‘=‘ -f1`"\tIN\tA\t"`echo $i | cut -d‘=‘ -f2`"\n" done for i in ${CNAME[@]};do zoneCNAME=$zoneCNAME`echo $i | cut -d‘=‘ -f1`"\tIN\tCNAME\t"`echo $i | cut -d‘=‘ -f2`"\n" done function getptr(){ ptr=`echo $1|cut -d‘.‘ -f4`"."`echo $1|cut -d‘.‘ -f3`"."`echo $1|cut -d‘.‘ -f2`"."`echo $1|cut -d‘.‘ -f1`.in-addr.arpa.; echo -n $ptr } ptrNS="" for i in ${NS[@]};do ptrNS=$ptrNS"\tIN\tNS\t"$i.$zonename."\n" done function ptrA(){ for i in ${A[@]};do getptr `echo $i | cut -d‘=‘ -f2` echo -en "\tIN\tPTR\t`echo $i | cut -d‘=‘ -f1`.$zonename.\n" done } cat > $zonefile/$zonename.zone <<EOF \$TTL $ttl \$ORIGIN $zonename. @ IN SOA $soaNS $soaMail ( $serial $refresh $retry $expire $mttl ) `echo -e $zoneNS` `echo -e $zoneMX` `echo -e $zoneA` `echo -e $zoneCNAME` `echo -e $zoneSUBNS` EOF cat > $zonefile/${zoneIP%.*}.zone <<EOF \$TTL $ttl \$ORIGIN $ptrip.in-addr.arpa. @ IN SOA $soaNS.$zonename. $soaMail.$zonename. ( $serial $refresh $retry $expire $mttl ) `echo -e $ptrNS` `ptrA` EOF fi chown :named $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone chmod 640 $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone chkconfig named on pidof named &>/dev/null && service named restart || service named start
本文出自 “ttqq” 博客,请务必保留此出处http://473008.blog.51cto.com/463008/1595640
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。